
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. | 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. | 


CONFIRMATION NO. 


10/671,058 


09/25/2003 


Janice Marie Girouard 


AUS920030637US1 


5828 



34533 7590 05/31/2007 

INTERNATIONAL CORP (BLF) 
c/o BIGGERS & OHANIAN, LLP 
P.O. BOX 1469 
AUSTIN, TX 78767-1469 



EXAMINER 



SHAN, APRIL YING 



ART UNIT 



2135 



PAPER NUMBER 



MAIL DATE 



DELIVERY MODE 



05/31/2007 PAPER 

Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Office Action Summary 


Application No. 

10/671,058 


Applicant(s) 

GIROUARDETAL 


examiner 

April Y. Shan 


Art Unit 

2135 





-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1. 136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after t he mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)E3 Responsive to communication(s) filed on 13 March 2007 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) ^ Claim(s) 1-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or(f). 
a)D All b)D Some * c)D None of: 

Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1 ) E] Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) D Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Offce 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No ./Mail Date 2007051 8 



Application/Control Number: 1 0/671 ,058 Page 2 

Art Unit: 2135 

DETAILED ACTION 
Response to Amendment 

1 . The Applicant's amendment, filed 1 3 March 2007, has been received, entered 
into the record, respectfully and fully considered. 

2. As a result of the amendment, claims 1 , 8 and 1 5 have been amended. Claims 
1 -20 are now presented for examination. 

3. Any objections/rejections not repeated below for record are withdrawn due to 
Applicant's amendment. 

Response to Arguments 

4. On page 9 of the remark, the Applicant states "Applicant have accordingly 
included with the Response a Supplemental IDS including U.S. Publication No. 
2001/0055388 A1 under "U.S. Patent Documents". The Examiner respectfully responds 
that Examiner did not receive this Response a Supplemental IDS. However, the 
examiner listed the above mentioned U.S. Publication on PTO-892 and considered. 

5. The Applicant argued "The inclusion of the "separate input event" in claims 1 , 8 
and 15 was a clerical error, the examiner respectfully disagree after respectfully and 
carefully reviews the Applicant's original disclosure. On page 29 of the Abstract and 
page 4 of the disclosure, the Applicant discloses "...applying a hashing algorithm 
associated with the separate input event to the master password...". Also, on lines 1- 
12, page 4 of the disclosure, the Applicant discloses "Exemplary embodiments of the 
present invention... applying a hashing algorithm associated with the separate input 
event to the master password..." and on lines 14-22, page 4, the Applicant discloses "In 
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typical embodiments of the present invention, applying a hashing algorithm associated 
with the passkey event..". It appears to the examiner "applying a hashing algorithm 
associated with the separate input event" and "applying a hash algorithm associated 
with the passkey event" are two different embodiments of the instant application. In 
another words, the original claims 1, 8 and 15 recite "..separate input event.." is fully 
supported by the original disclosure. Therefore, Applicant's arguments with respect to 
claims 1-20 have been considered but are moot in view of the new ground(s) of 
rejection. 

6. Regarding Applicant's argument that "Henry does not disclose receiving, from a 
user, a passkey event uniquely associated with one of a plurality of Applications 
requiring a password" and "Henry Does not disclose applying a hashing algorithm 
associated with the passkey event to the master password to generate an application 
specific password" on pages 11-12, the Examiner respectfully disagrees and detail 
explanation is presented in the art rejection below. The examiner respectfully reminds 
Applicant that that although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) 

7. Regarding Applicant's argument that "Henry does not discloses a 
method/system/computer program for providing a password to an application in claims 
1, 8 and 15" on page 14, the examiner respectfully disagrees and detail explanation is 
presented in the art rejection below. The examiner respectfully reminds the Applicant, 
"A preamble is generally not accorded any patentable weight where it merely recites the 
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purpose of a process or the intended use of a structure, and where the body of the 
claim does not depend on the preamble for completeness but, instead, the process 
steps or structural limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 
USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 481 
(CCPA1951). Even the 



Claim Rejections - 35 USC §102 

. 8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1-3, 5-6, 8-10, 12-13,15-17 and 19-20 are rejected under 35 
U.S.C. 102(e) as being anticipated by Henry et al. (U.S. Patent No. 6,996,718). 

As per claims 1 and 8, Henry et al. discloses a method/system for providing a 
password to an application, the method/system comprising: 

receiving, from a user, an passkey event ("1. Input account username and 2. 
Input account location" in fig. 7. Please note input account username and account 
location corresponds to Applicant's passkey event) uniquely associated with (Please 
note account user name/account location is a passkey event uniquely associated with 
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one of a plurality of application requiring a password since "The user id and the server 
name cooperate to uniquely define a unique account belonging to the user" - e.g. 
col. 4, lines 18-20) one of a plurality of applications ("multiple accounts" - e.g. abstract 
requiring a password ("3. input common password" in fig. 7) 

receiving, from a user, a same master password ("a common password 30" in fig. 
1 and col. 3, line 7. Please note a common password corresponds to Applicant's a 
same master password) for access to each of the plurality of applications ("multiple 
accounts 40, 50, 60 and 70" in fig. 1 and col. 3, line 8. Please note multiple accounts 
correspond to Applicant's plurality of applications, e.g. col. 6, lines 40-44 and step 3 fig. 

applying a hashing algorithm associated with the passkey event to the master 
password to generate an application specific password ("A designated password for 
each account is generated by a hash function of the common password and some 
account-dependent information" - e.g. abstract. Please note a designated password 
corresponds to Applicant's an application specific password. "In the present invention, 
to generate, process and validate the common password and associated designated 
passwords for each of a user's accounts, a password transform algorithm is utilized. In 
a preferred embodiment of the present invention, the password transform algorithm may 
be generalized as follows: pd = Text(Hash(Ui + Pc + Si + Nr)), where, Pd stands for a 
designated password, Ui for a user ID.Pcfor a common password... Si for a server 
name (such as the server name or URL of the user's account service provider), and Nr 
for a random number.. the Hash () portion represents the hash function.. The account- 
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dependent information includes a user ID, a server name that indicates the account 
location, and a random number that is associated with the account and stored at the 
server . The user id and the server name cooperate to uniquely define a unique 
account belonging to the user" - e.g. col. 3, 1. 60- col. 4, I. 20); and 

submitting the application specific password to the application for access by the 
user ("The hash value is calculated at the user's computer, and then submitted as a 
designated password to a server" - e.g. abstract and "Once a user's account has been 
established as discussed above, the user will be able to access his/her account at the 
server... and the server prompts the user to submit the designated password Pd, step 
220... The designated password Pd is calculated according to the password transform 
algorithm, and submitted to the server over the secure connection by the user, step 
260.. If a match is found, the user is admitted to the account step 280" - e.g. col. 5, lines 
24-46 and steps 260-280 in fig. 3). 

As per claims 2 and 9, Henry et al. discloses a method/system as applied in 
claims 1 and 8. Henry et al. further discloses wherein applying a hashing algorithm 
associated with the passkey event to the same master password to generate an 
application specific password comprises: 

retrieving a hash value ("Nr for a random number" - e.g. col. 4, lines 6-7. Please 
note a random number corresponds to Applicant's hash value) associated with the 
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passkey event ("a random number that is associated with the account and stored at the 
server" - e.g. col. 4, lines 15-17); and 

applying the hash value to at least one character of the same master password 
to generate at least one hashed character (col. 3, line 66 and col. 4, lines 1-20. Please 
note Hash (Ui+Pc+Si+Nr) in col. 3, line 65 corresponds to Applicant's hashed 
character). 

As per claims 3 and 10, Henry et al. discloses a method/system as applied in 
claims 2 and 9. Henry et al. further discloses wherein retrieving a hash value 
associated with the passkey event comprises retrieving hash value from a user's 
configuration file (col. 5, lines 29-31 ). 

As per claims 5 and 12, Henry et al. discloses a method/system as applied in 
claims 2 and 9. Col. 3, line 66 and col. 4, lines 1-31 of Henry et al. further discloses 
wherein applying a hashing algorithm associated with the passkey event to the master 
password to generate an application specific password comprises: 

retrieving a character rule algorithm; and 

applying the character rule algorithm to the hashed character to generate a 
character rule compliant hashed character. 

(Please note according to Applicant's specification page 15-16, Applicant's 
definition on a character rule algorithm is inclusive with the definition of a master rule 
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algorithm. Therefore, the cited reference in Henry et al. met the limitations in claims 5 
and 12). 

As per claims 6 and 13, Henry et al. discloses a method/system as applied in 
claims 3 and 10. Col. 3, line 66 and col. 4, lines 1-31 of Henry et al. further discloses 
wherein applying a hashing algorithm associated with the passkey event to the master 
password to generate an application specific password comprises: 

retrieving a master rule algorithm; and 

applying the master rule algorithm. 

(Please note according to Applicant's specification page 1 5-1 6, Applicant's 
definition on a character rule algorithm is inclusive with the definition of a master rule 
algorithm. Therefore, the cited reference in Henry et al. met the limitations in claims 6 
and 13). 

As per claims 15-17 and 19-20, Henry et al. discloses the claimed method of 
steps as applied above in claims 1-3 and 5-6. Therefore, Henry et al discloses the 
claimed computer program product embodied in a record medium for carrying out the 
method of steps. 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1 1 . The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 



12. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 1 03(a). 

13. Claims 4, 1 1 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Henry et al. as applied to claims 1-3, 5-6, 8-10, 12-13 and 15-20 above, and further 
in view of Challener et al. (U.S. Patent No. 7,085,933) 
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As per claims 4 and 11, Henry et al. does not disclose expressly wherein 
retrieving a hash value associated with the passkey event comprises retrieving a hash 
value from a configuration register. 

Challener et al. discloses wherein retrieving a hash value associated with the 
passkey event comprises retrieving a hash value from a configuration register (col. 3, 
lines 1-11). 

Henry et al. and Challener et al. are analogous art because they are from the 
same field of endeavor system and method for improving computer system security. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to incorporate Challener et al.'s retrieving a hash value associated with 
the passkey event comprises retrieving a hash value from a configuration register into 
Henry et al.'s method/system. 

The motivation of doing so would have been "for a computer system to have 
trusted computing platform capabilities" and "the random data withheld from caching to 
disk and from exposure by the secure virtual machine", as taught by Challener et al. 
(col. 2, lines 53-56 and col. 3, lines 1-11) 

As per claim 18, the combined teachings of Henry et al. and Challener et al. 
disclose the claimed method of step as applied above in claim 4. Therefore, the 
combined teachings of Henry et al. and Challener et al. discloses the claimed computer 
program product embodied in a record medium for carrying out the method of steps. 
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14. Claims 7 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Henry et al. as applied to claims 1-3, 5-6, 8-10, 12-13 and 15-20 above, and further in 
view of D'Souza et al. (U.S. Patent No. 6,625,649). 

As per claims 7 and 14, Henry et al. does not disclose expressly wherein 
receiving, from a user, a passkey event uniquely associated with any given one of the 
plurality of applications comprises receiving, from a user, an event created by a user's 
engaging a keyboard key. 

However, D'Souza et al. discloses receiving, from a user, a passkey event 
uniquely associated with any given one of the plurality of applications comprises 
receiving, from a user, an event created by a user's engaging a keyboard key, "The 
technique allows a user to launch specific software applications by simply depressing 
keys on a keyboard... The keys associated with the applications may be dedicated keys 
on a conventional keyboard. By depressing the dedicated key, the user may not only 
launch a software application, but may log onto a network, such as the worldwide web 
or the Internet, and may directly access a desired website... Where desired, specific 
combinations of keystrokes may be provided for launching the applications, logging onto 
a network, accessing specific suites, and so forth... The keyboard includes a plurality of 
keys for accessing specific Internet or network sites..." - e.g. col. 2, line 26 - col. 3, line 
3. 

It would have been obvious to a person with ordinary skill in the art at the time of 
the invention to incorporate D'Souza et al.'s an event created by a user's engaging a 
keyboard key into Henry's system/method. The motivation of doing so would have been 
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"a need. .for an improved technique for launching applications in a computer system, 
particularly applications related to launching, logging on, and navigating through 
computer networks. There is a particular need for a simple and straightforward, user- 
friendly system for rapidly access such applications..", as disclosed by D'Souza et al. 
(e.g. col. 2, lines 14-24). 

Conclusion 

1 5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (SeePTO-892) 

16. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period' for reply expire later 
than SIX MONTHS from the date of this final action. 
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Contact Information 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to April Y. Shan whose telephone number is (571 ) 270- 
1014. The examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00 
p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
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system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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